system/libsignal-protocol-c: Update script.

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2024-11-16 19:50:19 +01:00 · 2024-02-26 07:59:12 +07:00 · 2024-02-26 07:59:12 +07:00 · 1694337de7
commit 1694337de7
parent 58bbe3951a
3 changed files with 73 additions and 6 deletions
--- a/system/libsignal-protocol-c/README
+++ b/system/libsignal-protocol-c/README
@ -1,2 +1,11 @@
 This is a ratcheting forward secrecy protocol that works
 in synchronous and asynchronous messaging environments.
+The code upstream has been marked as "archived" since February 2022.
+
+The default is to provide a shared library. However, one can build it
+statically by passing STATIC=yes:
+
+# STATIC=yes sh libsignal-protocol-c.SlackBuild
+
+This way you can statically link it into your final program and 
+remove the library.
--- a/system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
+++ b/system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
@ -0,0 +1,53 @@
+From 478dfe51552243b367cf2e9c5d047cbbd3c21635 Mon Sep 17 00:00:00 2001
+From: Randy Barlow <randy@electronsweatshop.com>
+Date: Fri, 18 Mar 2022 12:42:57 -0400
+Subject: [PATCH] CVE-2022-48468: unsigned integer overflow
+
+This commit combines two upstream commits from protobuf-c[0][1].
+The first fixes an unsigned integer overflow, and the second fixes a
+regression introduced by the first. I originally decided to amend the
+commit message of the first to mention that it fixes a CVE, but then I
+realized it would be better to bring the fix for the regression together
+with it.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48468
+https://bugzilla.redhat.com/show_bug.cgi?id=2186673
+
+[0]
+https://github.com/protobuf-c/protobuf-c/pull/513/commits/289f5c18b195aa43d46a619d1188709abbfa9c82
+[1]
+https://github.com/protobuf-c/protobuf-c/pull/513/commits/0d1fd124a4e0a07b524989f6e64410ff648fba61
+
+Co-authored-by: 10054172 <hui.zhang@thalesgroup.com>
+Co-authored-by: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Signed-off-by: 10054172 <hui.zhang@thalesgroup.com>
+Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
+---
+ src/protobuf-c/protobuf-c.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/protobuf-c/protobuf-c.c b/src/protobuf-c/protobuf-c.c
+index 4f2f5bc..6ae5287 100644
+--- a/src/protobuf-c/protobuf-c.c
+++ b/src/protobuf-c/protobuf-c.c
+@@ -2456,10 +2456,13 @@ parse_required_member(ScannedMember *scanned_member,
+ 			return FALSE;
+ 
+ 		def_mess = scanned_member->field->default_value;
+-		subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+-						 allocator,
+-						 len - pref_len,
+-						 data + pref_len);
+		if (len >= pref_len)
+			subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+							 allocator,
+							 len - pref_len,
+							 data + pref_len);
+		else
+			subm = NULL;
+ 
+ 		if (maybe_clear &&
+ 		    *pmessage != NULL &&
+-- 
+2.39.2
+
--- a/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild
+++ b/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild
@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PRGNAM=libsignal-protocol-c
 VERSION=${VERSION:-2.3.3}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 TAG=${TAG:-_SBo}
 PKGTYPE=${PKGTYPE:-tgz}

@ -51,6 +51,8 @@ TMP=${TMP:-/tmp/SBo}
 PKG=$TMP/package-$PRGNAM
 OUTPUT=${OUTPUT:-/tmp}

+[ "${STATIC:-no}" = "yes" ] && SHARED_LIBS_STATUS=OFF || SHARED_LIBS_STATUS=ON
+
 if [ "$ARCH" = "i586" ]; then
  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
  LIBDIRSUFFIX=""
@ -60,6 +62,9 @@ elif [ "$ARCH" = "i686" ]; then
 elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
  LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "aarch64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
 else
  SLKCFLAGS="-O2"
  LIBDIRSUFFIX=""
@ -80,6 +85,9 @@ find -L . \
 \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;

+# Patch for CVE-2022-48468 (obtained from the Gentoo package)
+patch -p1 < $CWD/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
+
 mkdir -p build
 cd build
  cmake \
@ -87,15 +95,12 @@ cd build
    -DCMAKE_CXX_FLAGS:STRING="$SLKCFLAGS" \
    -DCMAKE_INSTALL_PREFIX=/usr \
    -DLIB_SUFFIX=${LIBDIRSUFFIX} \
-    -DMAN_INSTALL_DIR=/usr/man \
+    -DBUILD_SHARED_LIBS=$SHARED_LIBS_STATUS \
    -DCMAKE_BUILD_TYPE=Release ..
  make
-  make install DESTDIR=$PKG
+  make install/strip DESTDIR=$PKG
 cd ..

-find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
-  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
-
 mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
 cp -a \
  ISSUE_TEMPLATE.md LICENSE README.md \